With more than 1.8 billion active accounts, Gmail is not only one of the most used services online but one of the most targeted by hackers. It’s not hard to understand why, as Gmail soaks up around half of all email client usage by U.S. market share. Compromise a Gmail account and a threat actor, whether their motive is criminal profit or surveillance-driven, can expect to harvest plenty of information to help their cause: everything from password reset notifications to details of online transactions.
This is why taking basic steps to secure your Google account is so essential.
Not All Gmail Hackers Will Change Your Password
Not all Gmail hackers will change your password and lock you out of your Google account immediately. Although this gives them time to exfiltrate valuable data and potentially reset passwords for other online accounts and services, it’s not the only option available to a threat actor. Indeed, a stealthier long-term approach could be far more profitable if that person is interested in surveillance. Such a tactic does depend on the account holder not knowing an unauthorized person is accessing their Gmail. Thankfully, there are some easy ways to check for this. Here are just three of them.
Check For Gmail Account Activity
Scroll to the bottom of your Gmail inbox and find a feature called last account activity. This will immediately inform you of the time of the previous access to Gmail and whether it is being accessed from a different location. However, you’ll need to click through this to open the complete activity monitor to get the full access picture. This will then reveal all access dates and times as well as the user’s IP address and the device or application being used by them. Get into the habit of checking this out every time you use Gmail and you’ll be able to spot any unauthorized access quickly. Importantly, you can also log them out. You can then change your password and activate two-factor authentication to keep them out. Google will also send notifications about any unusual sign-ins to your account, new devices added to your account or changes to security settings. These will also go to your recovery email, so make sure you keep that updated and access it regularly.
Check For Changes To Gmail Forwarding
Head to your Gmail settings and click the Forwarding and POP/IMAP tab. This will reveal any addresses where incoming email is being forwarded to. An attacker could use this to get a ‘silent copy’ of all your incoming emails without changing your password and alerting you to the compromise. Most users never delve this far into Gmail settings as it is too technical for them and Gmail is so popular because it’s also so easy to use. Like the recent account activity feature, however, I’d recommend you get into the habit of checking your forwarding status regularly. This is also where someone could add access to a third-party email client using the POP or IMAP protocol, which, combined with your account password, also gives them stealthy access to your inbox.
Take The Google Account Security Check-Up
Google provides a freely available and powerful tool to check your account security. The Google Account Security Check-Up brings together many valuable options for securing access to Gmail. Here, you can discover if there have been changes to account recovery options, applications and services that have been granted access to your account, whether you have 2FA activated and what systems you are using to provide it and sensitive Gmail settings. The latter can include reply-to addresses different from your account default, sent-from addresses that are also different and any addresses that have been blocked and so go straight to your spam folder. Blocking security alert addresses, for example, would be a simple way to extend unauthorized activity going unnoticed.
Read the full article here